WannaCry still lurking around, India also affected: Sophos

September 19, 2019 02:59 PM

NEW DELHI: The WannaCry ransomware that created mayhem in 2017 has not died out and security software firm Sophos stopped a whopping 4.3 million infection attempts globally in August 2019, out of which 8.8 per cent were located in India, the firm revealed on Thursday.

According to the British cybersecurity firm, the WannaCry threat continues to live largely owing to the ability of new variants to bypass the 'kill switch.'

'Kill switch' is a specific URL that, if the malware connects to it, automatically ends the infection process and all had a corrupted ransomware component and were unable to encrypt data.

The 4.3 million attack attempts were stopped by Sophos endpoints, that is, by the firm's endpoint protection product, which combines anti-malware, web and application control, and device control.

"The WannaCry outbreak of 2017 changed the threat landscape forever. Our research highlights how many unpatched computers are still out there, and if you haven't installed updates that were released more than two years ago -- how many other patches have you missed?" Peter Mackenzie, Security Specialist at Sophos, said in a statement.

"In this case, some victims have been lucky because variants of the malware immunised them against newer versions. But no organisation should rely on this. Instead, standard practice should be a policy of installing patches whenever they are issued, and a robust security solution in place that covers all endpoints, networks and systems," Mackenzie added.

However, the fact that these computers could be infected in the first place suggests the patch against the main exploit used in the WannaCry attacks has not been installed -- a patch that was released more than two years ago.

Researchers at Sophos have also traced the first appearance of the most widespread corrupted variant back to just two days after the original attack which took place on May 14, 2017, when it was uploaded to "VirusTotal", but had not yet been seen in the wild.

The original WannaCry malware was detected 40 times and since then, SophosLabs researchers have identified 12,480 variants of the original code.